Items Tagged with "Vulnerabilities"



Disclosures: The Vulnerability of Publicly Traded Companies

June 12, 2012 Added by: Fergal Glynn

What we’ve been lacking is quantitative information that helps inform the debate around application security. We want to use this data to shape the conversation around application security so that our attention gets focused on the right things and our investments get made in the right areas...

Comments  (1)


ICS-CERT: Siemens WinCC Multiple Vulnerabilities

June 08, 2012 Added by: Infosec Island Admin

Researchers have identified multiple vulnerabilities in the Siemens WinCC application, and Siemens identified an additional vulnerability, that may allow an attacker to gain unauthorized access, read from, or write to files and settings on the target system...

Comments  (0)


EWI: The Internet Health Model for Cybersecurity

June 04, 2012

“A public health model encompasses several interesting concepts that can be applied to internet security. As use and reliance on the Internet continues to grow, improving Internet health requires all ecosystem members to take a global, collaborative approach to protecting people from potential dangers online”...

Comments  (0)


To Backdoor or Not?

June 03, 2012 Added by: Jayson Wylie

There is speculation of purposeful backdoor implementations for monitoring by the US government in the name of national security. If there is the ability for a government to monitor communications, how can we be assured that another government is not using the same means, but for a different purpose?

Comments  (0)


Cookies: Should We Really Like Them?

June 01, 2012 Added by: Ahmed Saleh

You should acknowledge that Cookies are widely used and can't really be avoided. If you wish to enjoy your internet surfing experience by navigating to “cookie creating websites” you should have a clear understanding of how cookies operate, and how to protect them from being abused...

Comments  (0)


ICS-CERT: Emerson DeltaV Multiple Vulnerabilities

May 31, 2012 Added by: Infosec Island Admin

Researchers have identified multiple vulnerabilities in the Emerson DeltaV application which can be exploited by a remote attacker and could allow denial of service, information disclosure, or remote code execution. Emerson has produced a hotfix that mitigates these vulnerabilities...

Comments  (0)


Patch as Patch Can: All Software is Flawed

May 30, 2012 Added by: Michelle Drolet

While many software publishers don’t bother to release patches, the two that are religious about patching are Microsoft and Adobe. Ironically, they still account for the majority of client-side vulnerabilities, with the Office Suite products and Adobe Flash Player and Reader topping the list...

Comments  (0)


ICS-CERT: RuggedCom Weak Cryptography for Passwords

May 30, 2012 Added by: Infosec Island Admin

A researcher identified a default backdoor user account with a weak password encryption vulnerability in the RuggedCom Rugged Operating System which could allow an attacker to use a simple publicly available script to generate the default password and gain administrative access to the unit...

Comments  (0)


On Air Gaps and Killer Toothbrushes

May 28, 2012 Added by: Chris Blask

Air gaps do not and should not exist. Patching vulnerabilities won't make systems secure. Standards and regulations are here to stay. The threat will surpass our ability to tolerate it long before we can re-engineer and re-deploy every vulnerable system. These are all just facts...

Comments  (2)


ICS-CERT: xArrow Multiple Vulnerabilities

May 25, 2012 Added by: Infosec Island Admin

Security researcher Luigi Auriemma identified and released four security vulnerabilities, along with proof-of-concept code, in the xArrow software application which may cause a denial-of-service condition or allow an attacker to execute arbitrary code...

Comments  (0)


Why AppSec Won't Always Bail You Out

May 24, 2012 Added by: DHANANJAY ROKDE

The approach of NetSec pros is different from the AppSec folks, as they concentrate on the attack-surface rather than get into the application itself. This is in no way a comparison of the level of difficulty of either of the disciplines, NetSec pros just take it to the next level...

Comments  (0)


DHS: Enabling Distributed Security in Cyberspace

May 24, 2012

This discussion paper explores the idea of a healthy, resilient – and fundamentally more secure – cyber ecosystem of the future, in which cyber participants, including cyber devices, are able to work together in near‐real time to anticipate and prevent cyber attacks...

Comments  (0)


NoOps and the Role of Infosec in Software Development

May 23, 2012 Added by: Rafal Los

The NoOps approach to software provides an opportunity to tightly integrate security, but we've got to get it right. If you can implement security during these cycles, spend time analyzing how workstreams will flow and what tools will be used to standardize and automate...

Comments  (1)


Data Mining A Mountain of Zero Day Vulnerabilities

May 22, 2012 Added by: Fergal Glynn

Information leakage happens when sensitive information is displayed to a user inadvertently. An example would be pathnames or database IP addresses returned within an error message to a user. An attacker can use this information to undermine the system...

Comments  (0)


ZTE Confirms Backdoor Vulnerability in Android Devices

May 22, 2012 Added by: Headlines

"ZTE's Score M ships with an application featuring a hardcoded password that gives the user... administrator-level access. Running the program with the password spawns a root shell prompt on the Linux-powered mobes, allowing the phone to be completely taken over..."

Comments  (0)


ICS-CERT: Advantech ISSymbol ActiveX Buffer Overflow

May 21, 2012 Added by: Infosec Island Admin

Researchers have identified multiple buffer overflow vulnerabilities in the Advantech Studio product that could allow an attacker to cause buffer overflows, which in turn can allow arbitrary code execution. Exploit code is known to exist that targets these vulnerabilities...

Comments  (0)
